Windows Forensic Analysis DVD Toolkit: Windows Forensics and Technology
Windows Forensic Analysis DVD Toolkit, 2nd edition, by Harlan Carvey. The first edition of Harlan Carvey's text on Windows forensics quickly became a standard, both as a quality professional reference and as a font of practical information on the subject. Chapter 3, Windows Memory Analysis, covers an extremely valuable skill for administrators, consultants, and forensics analysts. Windows Forensic Analysis DVD Toolkit addresses in depth the forensic analysis of Windows systems. Harlan Carvey's most popular book is Windows Forensic Analysis: DVD Toolkit. Windows Registry Forensics: Advanced Digital Forensic Analysis of the.
Windows Forensic Analysis DVD Toolkit, 2nd Edition, is a completely updated and expanded version of Harlan Carvey's best-selling forensics book on incident response and investigating cybercrime on Windows systems. With this book, you will learn how to analyze data during live and post-mortem investigations. New to this edition is Forensic Analysis on a Budget, which collects freely available tools that are essential for small labs, state (or below) law enforcement, and educational organizations.
The book also includes new pedagogical elements, Lessons from the Field, Case Studies, and War Stories, that present real-life experiences from an expert in the trenches, making the material real and showing the why behind the how. The companion DVD contains significant and unique materials (movies, spreadsheets, code, etc.) not available anyplace else, because they were created by the author. This book will appeal to digital forensic investigators, IT security professionals, engineers, and system administrators, as well as students and consultants.
'If your job requires investigating compromised Windows hosts, you must read Windows Forensic Analysis.' - Richard Bejtlich, coauthor of Real Digital Forensics and Amazon.com Top 500 Book Reviewer
'The Registry Analysis chapter alone is worth the price of the book.' - Troy Larson, Senior Forensic Investigator of Microsoft's IT Security Group
'I also found that the entire book could have been written on just registry forensics. However, in order to create broad appeal, the registry section was probably shortened. You can tell Harlan has a lot more to tell.' - Rob Lee, Instructor and Fellow at the SANS Technology Institute, coauthor of Know Your Enemy: Learning About Security Threats, 2E.
Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited pen testing. He conducts research into digital forensic analysis of Windows systems, identifying and parsing various digital artifacts from those systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field.
He is the developer of RegRipper, a widely used tool for Windows Registry parsing and analysis. Carvey has developed and taught several courses, including Windows Forensics, Registry, and Timeline Analysis.
Title: Windows Forensic Analysis - DVD Toolkit, 2nd Edition
Author: Harlan Carvey
Publisher: Syngress
Date of Publication: 2009
Price: $69.95 (USA)
ISBN: 9229
Reviewer: Peter Sheffield

Review
This second edition of Harlan Carvey's excellent book on Windows forensic analysis is a fantastic uplift to what I'd classify as the best book I owned on Windows forensics, especially from a practitioner's perspective. This 2nd edition works on multiple levels: practical advice and guidance for live Windows forensic analysis, as well as more in-depth discovery guidelines for when you take your work back to the lab, all augmented by real scripts and utilities that will help you retrieve valuable forensic evidence from a target machine.
Chapter 4, on registry analysis, is particularly strong, with details on audit policy and event log analysis, wireless SSID discovery, understanding autostart, and one of my favorites, the section on how to track USB removable storage devices across Windows systems. Earlier chapters on Windows live response and Windows memory analysis are also extremely strong and very useful, with loads of practical tips on extracting and preserving evidence.
Chapter 5, on file analysis, is also really useful, with a fantastic discussion of Alternate Data Streams, one of the lesser-understood features of the NTFS file system. Data can easily be hidden inside NTFS using ADS techniques, and forensic investigators should know how to find this stuff and what to do with it. Chapters 6 and 7 deal with malicious code and understanding executable files, as well as delving into the details of rootkits to see how they may affect a system being investigated, how you might identify that they are there, and what they are doing. Chapter 8 pulls everything together into a series of case studies where the author walks us through using all the techniques previously discussed. Finally, the last chapter looks at performing forensic analysis on a budget using a bunch of free tools, such as dd for Windows, The Sleuth Kit, PyFlag, hex editors, network tools, and packet capture and analysis. On the DVD, there are movies showing a variety of investigation techniques, scripts, and tools that all contribute to this being the best Windows forensic toolkit available today.
The only major criticism I have is that now that Windows 7 is on the shelves and becoming the preferred operating system on OEM PCs, although many of the tools and techniques will still be relevant, there will be new features that need covering, such as Jump Lists. Peter Sheffield is a freelance security consultant, working in the private banking industry, with special interests in audit, compliance and forensic readiness.
Peter has recently started working at Digital Forensics Magazine and is now one of their team of dedicated book reviewers. For more information see.
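The review above singles out Alternate Data Streams as something investigators should know how to find. The following PowerShell script is an added example and is not code from the book, its DVD, or the reviewer: it walks a directory tree on an NTFS volume and lists every stream that is not a file's default $DATA stream, so hidden payloads stand out. It assumes PowerShell 3.0 or later (for the -Stream parameter of Get-Item) and an assumed starting path of C:\Users that you would change to suit the evidence you are examining.

```powershell
# Added example, not from the book or the review: enumerate alternate data streams
# under a directory tree and report any stream other than the default ':$DATA'.
# Assumes an NTFS volume and PowerShell 3.0+ (Get-Item -Stream).
param(
    [string]$Path = 'C:\Users'   # assumed starting point; adjust for the case at hand
)

Get-ChildItem -Path $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # -Stream * returns one object per stream, including the default ':$DATA'
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
    } |
    Where-Object { $_.Stream -ne ':$DATA' } |
    Select-Object FileName, Stream, Length |
    Sort-Object Length -Descending |
    Format-Table -AutoSize
```

Expect plenty of Zone.Identifier entries: that is the mark-of-the-web stream Windows attaches to downloaded files and it is normally benign. Streams with other names, or with lengths large enough to hold a binary, are the ones worth pulling out (Get-Content -Stream on the file) and hashing for the case notes. Run it from a read-only mounted image or a write-blocked copy rather than the live target, so the enumeration itself does not alter access timestamps on the evidence.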